nanog mailing list archives

Re: Quarantine your infected users spreading malware
From: "Jason Frisvold" <xenophage0 () gmail com>
Date: Tue, 21 Feb 2006 10:42:20 -0500

On 2/21/06, Bill Nash <billn () odyssey billn net> wrote:
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user logs in, and again periodically while the user is
> logged in (for those that never log out). Require these safeguards to be
> active before they can pass the smallest traffic.

Cost prohibitive..  In order to do that you'll need licenses from the
AV companies..

> The change in traffic flow would necessitate some architecture kung fu,
> maybe even AOL style, but you'd have the option of selectively picking out
> reported malicious/infected users (*cough* ThreatNet *cough*) and routing
> them through packet inspection frameworks on a case by case basis. Quite
> possibly, you could even automate that and the users would never be the

And then the privacy zealots would be livid..  Silently re-routing
traffic like that..  How dare you suggest such a ... wait..  hrm.. 
The internet basically does this already..  I wonder if the zealots
are aware of that..  :)

> - billn

Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com
